2025-01-17 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
This article walks through the detailed steps of installing vsftpd + pam + mysql so that vsftpd authenticates virtual users against a mysql database.
First, install the required programs
1. Install the development environment and mysql database beforehand
# yum -y install mysql-server mysql-devel
# yum -y groupinstall "Development Tools" "Development Libraries"
2. Install pam_mysql-0.7RC1
# tar zxvf pam_mysql-0.7RC1.tar.gz
# cd pam_mysql-0.7RC1
# ./configure --with-mysql=/usr --with-openssl
# make
# make install
3. Install vsftpd
# yum -y install vsftpd
# cp /usr/lib/security/pam_mysql.so /lib/security/
# this shared library will be used in later pam files, so make sure that its path is correct.
Second, create a virtual user account
1. Prepare database and related tables
First, make sure that the mysql service is started properly. Then set up a database to store the virtual users; here it is created as the vsftpd database.
mysql> create database vsftpd;
mysql> grant select on vsftpd.* to vsftpd@localhost identified by 'vsftpd';
mysql> grant select on vsftpd.* to vsftpd@127.0.0.1 identified by 'vsftpd';
mysql> flush privileges;
# the vsftpd user created here is the mysql account that pam will use later when it looks up users in the mysql database
mysql> use vsftpd;
mysql> create table users (
    -> id int AUTO_INCREMENT NOT NULL,
    -> name char(20) binary NOT NULL,
    -> password char(48) binary NOT NULL,
    -> primary key(id)
    -> );
2. Add virtual users for the test
mysql> insert into users (name,password) values ('tom',password('xsl'));
mysql> insert into users (name,password) values ('boy',password('xsl'));
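The password column filled in above holds MySQL's PASSWORD() hash, which is what crypt=2 tells pam_mysql to expect. The following is an added example, not part of the original article: it reproduces that stored format, assuming the 4.1+ 41-character variant, and shows that tom and boy end up with identical stored values because the hash has no salt. The function names are illustrative.

```python
import hashlib
import hmac
from collections import defaultdict


def mysql41_password(plaintext: str) -> str:
    """Reproduce MySQL 4.1+ PASSWORD(): '*' + upper-case hex of SHA1(SHA1(pw))."""
    inner = hashlib.sha1(plaintext.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def verify(stored: str, candidate: str) -> bool:
    """Check a candidate password against a stored hash, in constant time."""
    return hmac.compare_digest(stored, mysql41_password(candidate))


def shared_hashes(rows):
    """Group account names by stored hash. A group larger than one means
    those accounts have the same password, since the format is unsalted."""
    groups = defaultdict(list)
    for name, stored in rows:
        groups[stored].append(name)
    return [sorted(names) for names in groups.values() if len(names) > 1]


# Constructed rows matching the two test inserts (same password for both).
ROWS = [("tom", mysql41_password("xsl")), ("boy", mysql41_password("xsl"))]

if __name__ == "__main__":
    for name, stored in ROWS:
        print(name, stored, len(stored))  # 41 characters, fits char(48)
    print("accounts sharing a password:", shared_hashes(ROWS))
```

Anyone who can read the users table can tell which accounts share a password, so keep the select grant limited to the account pam_mysql uses.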
Third, configure vsftpd
1. Create the file required for pam authentication
# vi /etc/pam.d/vsftpd.mysql
Add the following two lines
auth required /lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
2. Modify the configuration file of vsftpd to use mysql authentication
Create the system user that the virtual users are mapped to, and its directory
# useradd -s /sbin/nologin vuser
# chmod go+rx /home/vuser
Make sure the following options are set in /etc/vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
chroot_local_user=YES
Then add the following options
guest_enable=YES
guest_username=vuser
And make sure that the value of the pam_service_name option is as follows
pam_service_name=vsftpd.mysql
# the value must be the same as the name of the pam file created above
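Most login failures with this setup come from the two files disagreeing or from options run together on a pam_mysql line. The checker below is an added example, not from the original article: it tests the relationships described above on constructed sample text. The function names and sample contents are assumptions made for illustration.

```python
# Constructed sample files modelled on this article's settings; the second PAM
# line has two pairs of options run together, and pam_service_name is wrong.
PAM_TEXT = """\
auth required /lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /lib/security/pam_mysql.so user=vsftpdpasswd=vsftpd host=localhost db=vsftpd table=users usercolumn=namepasswdcolumn=password crypt=2
"""
VSFTPD_TEXT = "guest_enable=YES\nguest_username=vuser\npam_service_name=vsftpd\n"
PAM_KEYS = {"user", "passwd", "host", "db", "table",
            "usercolumn", "passwdcolumn", "crypt"}

def check_pam(text):
    """Return problems found in the pam_mysql lines of a PAM service file."""
    problems, seen = [], set()
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 3 or not parts[2].endswith("pam_mysql.so"):
            continue
        seen.add(parts[0].lower())
        opts = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
        for key in sorted(PAM_KEYS - set(opts)):
            problems.append(f"line {n}: missing {key}=")
        for key, val in opts.items():
            # A value that contains another "key=" means two options fused.
            if any(f"{k}=" in val for k in PAM_KEYS):
                problems.append(f"line {n}: options run together: {key}={val}")
    problems += [f"no {t} line for pam_mysql.so"
                 for t in ("auth", "account") if t not in seen]
    return problems

def check_vsftpd(text, pam_name):
    """Return problems in vsftpd.conf relative to the PAM file name."""
    conf = dict(l.strip().split("=", 1) for l in text.splitlines()
                if "=" in l and not l.lstrip().startswith("#"))
    problems = []
    if conf.get("guest_enable", "NO").upper() != "YES":
        problems.append("guest_enable is not YES")
    if not conf.get("guest_username"):
        problems.append("guest_username is not set")
    if conf.get("pam_service_name") != pam_name:
        problems.append(f"pam_service_name={conf.get('pam_service_name')}"
                        f" does not match PAM file {pam_name}")
    for key in ("anon_upload_enable", "anon_mkdir_write_enable"):
        if conf.get(key, "NO").upper() == "YES":
            problems.append(f"{key}=YES globally applies to all virtual users")
    return problems

if __name__ == "__main__":
    for p in check_pam(PAM_TEXT) + check_vsftpd(VSFTPD_TEXT, "vsftpd.mysql"):
        print(p)
```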
Fourth, start the vsftpd service
# service vsftpd start
# chkconfig vsftpd on
Log in as a virtual user to verify the configuration. The following is a test with the local command-line client. You can also log in from a Windows machine with IE or an FTP client tool to verify the result.
# ftp localhost
If you log in using the command method, if the
[root@localhost ~]# ftp localhost
Connected to localhost
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (192.168.0.104:root): tom
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp>
In this case, check the log with the tail /var/log/secure command
Oct 19 15:41:42 localhost vsftpd: pam_mysql - MySQL error (Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2))
Oct 19 15:43:02 localhost vsftpd: pam_mysql - MySQL error (Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2))
If a message like this appears, the pam_mysql module could not establish a connection through mysql's socket file mysql.sock.
Solution:
Change host=localhost in the pam authentication file to host=127.0.0.1. With host=127.0.0.1 the module connects over TCP instead of the socket file, and the connection is covered by the grant for vsftpd@127.0.0.1 created earlier.
[root@bogon pub]# ftp 127.0.0.1
Connected to 127.0.0.1 (127.0.0.1).
220 (vsFTPd 2.2.2)
Name (127.0.0.1:root): tom
331 Please specify the password.
Password:
500 OOPS: cannot change directory:/home/vuser
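Solution: set SELinux to disabled and restart the machine. Disabling SELinux removes its confinement from every service on the host; a narrower alternative is to leave it enforcing and enable only the SELinux boolean that lets the FTP daemon access home directories.
Fifth, configure virtual users with different access rights
vsftpd can read a separate configuration file for each user from a configuration directory to define that user's access to the ftp service. The configuration file of each virtual user has the same name as the virtual user. The directory can be any unused directory; just specify its path in vsftpd.conf.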
1. Configure vsftpd to use the configuration directory for virtual users
# vim vsftpd.conf
Add the following option
user_config_dir=/etc/vsftpd/vusers
2. Create the required directory and provide configuration files for the virtual users
# mkdir /etc/vsftpd/vusers/
# cd /etc/vsftpd/vusers/
# touch tom boy
3. Configure the access rights of virtual users
The access rights of virtual users to the vsftpd service are controlled through the directives for anonymous users. For example, to give the user tom permission to upload files, edit the /etc/vsftpd/vusers/tom file and add the following options to it.
# permission to upload files
anon_upload_enable=YES
# permission to create directories
anon_mkdir_write_enable=YES
# permission to delete and rename files
anon_other_write_enable=YES
This lets you specify the access rights of each virtual user individually.
© 2024 shulou.com SLNews company. All rights reserved.